This is an especially good idea as many currently deployed versions of MySQL suffer from unrecoverable segfaults as a result of receiving too many (read: more than six) SSL connections.
Experience? Apparently SSH tunnels could be used for more than just allowing an external server gain access to a service running on an internal server.
Ask me how I know. </jaded>